Symantec hackers say source code will be released on Tuesday
Updated: see below.
Hackers, thought to have been behind a recent breach of Symantec's extended network, threatened to release the full source code of one of its flagship products.
The Twitter user, going by the name "Yama Tough" said in the tweet, said that the 1.7 GB source code would be released tomorrow.
Hackers breached a "third-party" network, thought to be the Indian intelligence services' network, which led to fragments of Symantec's Norton anti-virus product to be released on coding site Pastebin.
It is understood that in a bid to secure contracts with the Indian government, Symantec's source code was inspected by the authorities to ensure that the product was secure. The authorities left the code on the servers which were then accessed by the hackers.
Other hackers and malware writers could directly attack Norton products, but Symantec note that this is "unlikely" due to the age of the product. What is more damaging for the company is that the entire anti-virus community will be able to see how Symantec's products work, thus enabling third-parties to improve their own products.
The code released on Pastebin so far indicates that the code is from 1999. Symantec confirmed last week that the code had been stolen, but was keen to stress that the code was from an older version of one of its enterprise anti-virus solutions.
The company behind Norton AntiVirus, amongst other products, also stressed that: "there are no indications that customer information has been impacted or exposed at this time".
Update 1: Symantec said in a statement that, "the code for Norton Utilities that was posted publicly is related to the 2006 version", noting that it was "no longer sold or supported".
The company also reiterated that: "The current version of Norton Utilities has been completely rebuilt and shares no common code with Norton Utilities 2006. The code that has been posted for the 2006 version poses no security threat to users of the current version of Norton Utilities."
Update 2: The hacker said on Twitter that "we've decided not to release [the] code to the public until we get full of it". It looks like they have other plans up their sleeve.
Image source: Twitter.
Related:
- Symantec confirms hacker theft of Norton anti-virus source code
- Symantec accused of using 'scareware' tactics to sell full-version products
- India IT: Have RIM, Nokia & Apple provided Indian Military with backdoor access to cellular comm?
- CNET: That stolen Symantec source code? It’s for older enterprise products